<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.24.1.1">
</HEAD>
<BODY>
Hi,<BR>
<BR>
<BR>
<BR>
On Thu, 2009-03-12 at 00:52 +0200, yossi ozani wrote:
<BLOCKQUOTE TYPE=CITE>
Hi all...<BR>
<BR>
I started to learn selinux and I have a question about mapping in selinux. <BR>
I logged in as <B>staff_u. </B>The command id -Z gives me the following context: user_u:user_r:user_t<BR>
The command: semanage user -l |grep staff_u<BR>
print the output: <B>staff_u sysadm_r staff_r</B><BR>
<BR>
<U>My questions:</U><BR>
1) How the login process know to choose the <B>staff_r</B> role and not the<B> sysadm_r</B> role ?<BR>
</BLOCKQUOTE>
semenage login -l<BR>
--mappings linux users into selinux user (1:1)<BR>
<BLOCKQUOTE TYPE=CITE>
2) If only one is the appropriate role why I can see a list of roles to some seusers like <B>staff_u</B> and <B>root</B> ?<BR>
</BLOCKQUOTE>
semanage user -l<BR>
--mappings selinux users into selinux roles (1:n)<BR>
<BLOCKQUOTE TYPE=CITE>
<BR>
Many thanks for the help<BR>
Yossi<BR>
<BR>
<BR>
</BLOCKQUOTE>
</BODY>
</HTML>